Transmitting and receiving signals through the existing wiring scheme has reached its limits because of the increase in vehicle electrical components. To solve this problem, it is now common for controllers in a vehicle to exchange data over a controller area network (CAN), a vehicle communication network, as shown in FIG. 8.
In addition, the controllers use a CAN communication data structure of FIG. 9.
However, in existing CAN communication, a hacker with malicious intent who has only a controller area network database (CAN DB) is likely to be able to access the CAN communication arbitrarily and manipulate data.
Such a hacker may cause acceleration that the driver does not intend by changing a torque signal of an electrical control unit (ECU) in the vehicle. In addition, in a vehicle having a smart parking assist system (SPAS), the hacker may endanger the driver by requesting the motor driven power steering (MDPS) to change the steering angle suddenly.
The danger grows as connection techniques between smartphones and vehicles develop and make it easier to access the in-vehicle CAN using a device such as a smartphone.
Accordingly, a security solution for the vehicle communication network is increasingly required in order to improve driver safety.
Conventional methods for overcoming these security weaknesses are as follows.
First, there is a method in which a diagnosis router provided in the middle of the CAN communication line filters on CAN addresses and transmits only the filtered CAN addresses to the controllers, so that CAN IDs of communications other than diagnosis communication cannot access the controllers. However, this method has a problem: if a major line of the CAN communication or a controller line is accessed directly, data may still be changed.
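The following C model is an added example, not taken from the original document, of the diagnosis-router approach and the limitation just described: the allow-list applies only to frames that pass through the router. The frame layout, the function names, the non-diagnostic ID 0x123 and the allow-list (the 11-bit OBD-II request IDs 0x7DF and 0x7E0 to 0x7E7) are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Minimal classic CAN frame, constructed for this example. */
struct frame { uint32_t id; uint8_t dlc; uint8_t data[8]; };

/* Where a frame enters the network. */
enum origin { ORIGIN_DIAG_PORT, ORIGIN_INTERNAL_BUS };

/* Assumed allow-list: 11-bit OBD-II diagnostic request IDs (not from the page). */
static int is_diag_request(uint32_t id)
{
    return id == 0x7DF || (id >= 0x7E0 && id <= 0x7E7);
}

static unsigned dropped; /* frames rejected by the router, kept for logging */

/* Diagnosis router: forward only well-formed frames with allow-listed IDs. */
int router_forward(const struct frame *f)
{
    if (f->dlc > 8 || !is_diag_request(f->id)) {
        dropped++;
        return 0;
    }
    return 1;
}

/* Returns 1 if the frame is delivered to the controllers. */
int reaches_controller(enum origin o, const struct frame *f)
{
    if (o == ORIGIN_DIAG_PORT)
        return router_forward(f); /* filtered path */
    return 1; /* internal line: the router is not in the path */
}

unsigned router_dropped(void) { return dropped; }

int main(void)
{
    struct frame diag  = { 0x7E0, 8, { 0x02, 0x10, 0x01 } }; /* constructed */
    struct frame other = { 0x123, 8, { 0 } };                /* constructed */

    printf("diag via port:      %d\n", reaches_controller(ORIGIN_DIAG_PORT, &diag));
    printf("non-diag via port:  %d\n", reaches_controller(ORIGIN_DIAG_PORT, &other));
    printf("non-diag, internal: %d\n", reaches_controller(ORIGIN_INTERNAL_BUS, &other));
    printf("dropped by router:  %u\n", router_dropped());
    return 0;
}
```

The third case is delivered and the drop counter does not move, so the router's own log gives no indication that the frame existed.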
In addition, there are methods that perform encryption or decryption by installing an encryption module at the communication terminal of each controller or by encrypting the communication data, and methods that isolate the controllers by installing a security module (e.g., a gateway or the like) on the communication network. However, the former requires a separate encryption module for each controller, which increases cost. In the method using a separate security module, arbitrary access becomes possible by hacking only the security module, and communication across the entire network becomes impossible when a defect occurs in the security module.